Re: [PATCH] time: verify time values in adjtimex ADJ_SETOFFSET to avoid overflow

[Thomas Gleixner]

On Thu, 3 Dec 2015, Sasha Levin wrote:

> Make sure the tv_usec makes sense. We might multiply them later which can
> cause an overflow and undefined behavior.
> 
> Signed-off-by: Sasha Levin <sasha.levin@xxxxxxxxxx>
> ---
>  kernel/time/timekeeping.c |    4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
> index d563c19..aa3c1c2 100644
> --- a/kernel/time/timekeeping.c
> +++ b/kernel/time/timekeeping.c
> @@ -1987,6 +1987,10 @@ int do_adjtimex(struct timex *txc)
>  
>  	if (txc->modes & ADJ_SETOFFSET) {
>  		struct timespec delta;
> +
> +		if (txc->time.tv_usec >= USEC_PER_SEC || txc->time.tv_usec <= -USEC_PER_SEC)
> +			return -EINVAL;

That's not a canonical timeval. timeval_valid() is what you want to
check it. Or has adjtimex some magic exception here?

Thanks,

	tglx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/